<?php
header('Content-Type: text/xml');
header('Cache-Control: no-cache');
include ('../includes/conf.php');

$query = @$HTTP_GET_VARS["query"];

$query = str_replace("\\", "", $query);

//echo (getenv('HTTP_REFERER'));

//$query = "SELECT * FROM aliquote";
//$resultID = mysql_query($query, $db) or die("Data not found.");
$resultID = mysql_query($query, $db) ;

//echo $query;

$xml_output = "<XML id='xmlData' name='xmlData'><root>\n";


for($x = 0 ; $x < mysql_num_rows($resultID) ; $x++){
    $row = mysql_fetch_assoc($resultID);

    $xml_output .= "<row>";

      // Escaping illegal characters
	for($y = 0 ; $y < mysql_num_fields($resultID) ; $y++){
    	    $row[$y] = str_replace("&", "&", $row[mysql_field_name($resultID, $y)]);
	    $row[$y] = str_replace("<", "<", $row[mysql_field_name($resultID, $y)]);
	    $row[$y] = str_replace(">", "&gt;", $row[mysql_field_name($resultID, $y)]);
	    $row[$y] = str_replace("\"", "&quot;", $row[mysql_field_name($resultID, $y)]);
	    $xml_output .= "<" . mysql_field_name($resultID, $y) . ">" . $row[mysql_field_name($resultID, $y)] . "</" . mysql_field_name($resultID, $y) . ">";
	}

    
    $xml_output .= "</row>";
}

$xml_output .= "</root>";
$xml_output .= "</XML>";

echo $xml_output;

?> 